RE: WLAN Security, Authentication, and more...

["Josh Mills" <JMills () cnbwaco com>]

Im not an expert on wireless security but i will attempt to answer a few of the questions,

> 2.  How have you detered users from using their
> laptops at the local coffee shop?  Policies and
> procedures are a start, but are any system level
> controls in place to only allow connections to the
> corporate environment?  I would be concered an
> employee may have information traveling in the air on
> an open network (or have their machines comprimized
> while drinking some latte).

I tried many ways to deter this activity but never could convince people not to do it, instead i decided to just allow 
it but to take every precation to make sure they were secure. First I hardened all of the laptops as much as possible, 
then I had all the users implement pgp and encrypt all of their personal documents. As far as information traveling in 
the air, just make sure that everything they do is through a vpn and you should be safe.

> 3.  Rogue Wireless Detection - I have done much
> reading on this subject and would like to know how you
> all tackle this issue.  Some suggest cool toys like
> AirDefense, etc.  Others suggest some sort of MAC
> monitoring on switches/routers.  I am a fan of walking
> around with Kismet every few weeks.  The major issue I
> have encountered with walking around is the problem of
> neighboring buildings (in a downtown environment). 
> It's easy enough to find the APs you know about, but
> finding a rogue AP connected to your network becomes a
> challenge with all of the other APs popping up.  The
> only way I have found around this is to take a best
> guess based on signal/noise strength and go from
> there.  Any thoughts/suggestions on what you have read
> or deployed?

There is a product that will scan your network and keep a list of all MAC address and any time there is a new one added 
it will let you know about it via email, im not sure of the name but im sure someone will know. Other than this you 
could implement port security on all ports to only allow one MAC address or even a specific mac.



-----Original Message-----
From: tom jones [mailto:p0rt_0 () yahoo com]
Sent: Sunday, May 09, 2004 8:02 PM
To: security-basics () lists securityfocus com
Subject: WLAN Security, Authentication, and more...


Hello,

I have worked with wireless technology on and off for
a few years now and feel I have a solid grasp of
general best practice, but would appreciate some of
your thoughts on the below subjects.  I am aware of
other infrastructure and configuration settings
necessary to minimize the wireless footprint and
maximize security (disable SSID broadcast, change
admin passwords, place the AP in the DMZ on a switched
network / VLAN, etc).  I realize this type of question
has been asked on lists before, but the majority of
answers alsways default to the configurations from the
previous sentence.    I would greatly appreciate
specific input on the following questions:

The questions below are asked with the intention of
deploying wireless in a bank/hostpital type
environment.

1.  Security Controls
What have you seen / implemented as a standard for
wireless security?  I know LEAP is out of the question
due to the dictionary attack vulerability.  Possibly
PEAP or some other 802.1x standard?

Authentication - I usually see authentication through
the DMZ to a back end Radius or Active Directory
server.  Any other options?

Do you require your users to VPN through the DMZ to
access internal network resources?
        
2.  How have you detered users from using their
laptops at the local coffee shop?  Policies and
procedures are a start, but are any system level
controls in place to only allow connections to the
corporate environment?  I would be concered an
employee may have information traveling in the air on
an open network (or have their machines comprimized
while drinking some latte).

3.  Rogue Wireless Detection - I have done much
reading on this subject and would like to know how you
all tackle this issue.  Some suggest cool toys like
AirDefense, etc.  Others suggest some sort of MAC
monitoring on switches/routers.  I am a fan of walking
around with Kismet every few weeks.  The major issue I
have encountered with walking around is the problem of
neighboring buildings (in a downtown environment). 
It's easy enough to find the APs you know about, but
finding a rogue AP connected to your network becomes a
challenge with all of the other APs popping up.  The
only way I have found around this is to take a best
guess based on signal/noise strength and go from
there.  Any thoughts/suggestions on what you have read
or deployed?

I realize there is no silver bullet for all of these
questions and that there is a balance that is
necessary between security, functionality, ease of
use, management, and not loading the air with so much
overhead that wireless connections become unusable.

Your feedback is greatly appreciated.


        
                
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------